The nature of application delivery now spans a range of technologies and deployment models. From an execution environment perspective, applications can run on anything from VMs to containers and serverless functions. No one model can solve everything, and the right technology must be used for the right problem. From a placement perspective, applications span public and private clouds and edge computing, while the end users accessing them are both people and machines. Securing these diverse environments while maintaining productivity and minimizing errors is challenging, to say the least. The classic models of arranging everything inside a perimeter, whether this is a private DC or a virtual private cloud (VPC), are falling apart under the weight of complexity and inadequacy.
Dimitri Stiliadis postulates that there is actually a simple and uniform model to address security with verifiable policies, and this is based on the concept of identity. Every machine, container, and function and every user, IoT device, or driverless car must have a cryptographically verified and trusted identity. Robust security can only be achieved through end-to-end authentication, authorization, and encryption. Whether it’s users interacting with VMs or applications or whether it’s lambda functions interacting with enterprise applications, no interaction can take place without just-in-time authentication and authorization. Achieving this level of security requires three components: identity distribution and trust management, global governance of policy and access rules, and uniform enforcement of authorization across execution environments. Coordinating these components can be very challenging unless they are unified on a common layer of identity and unless the right tools are there to understand and manage policy. Coordination is also challenging if enforcement is delegated to every application developer rather than decoupled from the application code.
This session is sponsored by Aporeto.
Dimitri Stiliadis is the cofounder and CTO of Aporeto. He comes from a multidisciplinary background in distributed systems, security, and networking and is the inventor of several groundbreaking technologies in these areas. Previously, he was the cofounder and CTO of Nuage Networks, where he led the development of the industry-leading Virtualized Services Platform. He’s held several leading roles in Bell Labs Research, where he led a series of research programs with fundamental contributions in networking, algorithms, optical networks, and distributed systems.
©2019, O'Reilly Media, Inc.